User multithr3at3d - Information Security Stack Exchange

71 votes

Accepted

How do universities and schools securely sync passwords between multiple services?

answered Jan 20, 2019 at 15:46

68 votes

Accepted

Security risks of fetching user-supplied URLs

answered Apr 25, 2020 at 13:14

67 votes

Why are stored procedures and prepared statements the preferred modern methods for preventing SQL Injection over mysql real escape string() function

answered Apr 21, 2020 at 2:58

56 votes

Accepted

What's the difference between end-to-end and regular TLS encryption?

answered Apr 12, 2017 at 23:45

51 votes

What could an "<img src=" XSS do?

answered Sep 1, 2016 at 2:23

31 votes

Accepted

Eduroam requires installation of a CA Certificate - can they decrypt TLS traffic?

answered Apr 11, 2020 at 19:56

27 votes

Protecting firmware .bin from reverse engineering

answered Jul 23, 2020 at 12:48

26 votes

Why has Ubuntu 18.04 moved back to insecure Xorg?

answered Apr 17, 2018 at 15:43

20 votes

Bypass MAC address internet time filtering?

answered Jul 21, 2018 at 23:15

16 votes

Where should I store a username during a password reset?

answered Jun 21, 2020 at 18:29

14 votes

Do I need to encrypt connections inside a corporate network?

answered Jun 21, 2018 at 17:22

12 votes

HTTP: how likely are you to be compromised by using it just once?

answered Jun 23 at 23:38

11 votes

Accepted

Encrypt folder on Linux that can only be decrypted on that specific OS and device

answered Oct 25, 2019 at 15:25

11 votes

Is a public /admin route a security flaw?

answered Jan 19, 2020 at 15:06

10 votes

Accepted

How does SSH know which public key to use from authorized_keys?

answered Apr 3, 2018 at 1:55

9 votes

Is it possible to identify my cellphone model if I connect to wifi?

answered Mar 22, 2018 at 23:31

9 votes

Accepted

Would MAC filtering protect against KRACK?

answered Oct 17, 2017 at 3:53

9 votes

Accepted

How does malware get past NAT routers?

answered Nov 21, 2016 at 20:35

9 votes

Accepted

Why can I ping a server, but nmap normal scan cannot see the host?

answered May 22, 2021 at 4:00

8 votes

Accepted

Questions about TLS handshaking process

answered Nov 11, 2015 at 15:41

8 votes

Accepted

ARP spoofing with Scapy. How does Scapy reroute traffic?

answered Jan 18, 2018 at 3:29

7 votes

Accepted

How to ensure the third party CDN is secure (and stays secure)?

answered Apr 24, 2018 at 21:43

7 votes

Accepted

Could a cracked password run as a command on the attacker's system?

answered Mar 3, 2019 at 2:36

7 votes

Accepted

How does proxychains avoid DNS leaks?

answered Jan 18, 2020 at 16:35

6 votes

When will TLS 1.2 be deprecated?

answered Aug 28, 2020 at 21:52

6 votes

Accepted

Do you need DNSSEC if you use HSTS?

answered May 12, 2018 at 22:52

6 votes

Accepted

Is it safe to leave MySQL root user without a password if it uses auth_socket?

answered Oct 5, 2019 at 18:55

6 votes

Accepted

Why is forwarding port 80 more insecure than the others?

answered Dec 25, 2017 at 18:53

6 votes

Accepted

Password protection for NetCat shell?

answered Sep 17, 2016 at 18:00

6 votes

Accepted

Are security keys with touch requirements more secure than those without?

answered Apr 3, 2021 at 0:59

Stack Exchange Network

399 Answers

How do universities and schools securely sync passwords between multiple services?

Security risks of fetching user-supplied URLs

Why are stored procedures and prepared statements the preferred modern methods for preventing SQL Injection over mysql real escape string() function

What's the difference between end-to-end and regular TLS encryption?

What could an "<img src=" XSS do?

Eduroam requires installation of a CA Certificate - can they decrypt TLS traffic?

Protecting firmware .bin from reverse engineering

Why has Ubuntu 18.04 moved back to insecure Xorg?

Bypass MAC address internet time filtering?

Where should I store a username during a password reset?

Do I need to encrypt connections inside a corporate network?

HTTP: how likely are you to be compromised by using it just once?

Encrypt folder on Linux that can only be decrypted on that specific OS and device

Is a public /admin route a security flaw?

How does SSH know which public key to use from authorized_keys?

Is it possible to identify my cellphone model if I connect to wifi?

Would MAC filtering protect against KRACK?

How does malware get past NAT routers?

Why can I ping a server, but nmap normal scan cannot see the host?

Questions about TLS handshaking process

ARP spoofing with Scapy. How does Scapy reroute traffic?

How to ensure the third party CDN is secure (and stays secure)?

Could a cracked password run as a command on the attacker's system?

How does proxychains avoid DNS leaks?

When will TLS 1.2 be deprecated?

Do you need DNSSEC if you use HSTS?

Is it safe to leave MySQL root user without a password if it uses auth_socket?

Why is forwarding port 80 more insecure than the others?

Password protection for NetCat shell?

Are security keys with touch requirements more secure than those without?